rootninja

If you submit an SSL certificate request for your Apache/Lighttpd web server to a Certificate Authority (CA) on a Windows Domain Controller, you might have to convert your resulting binary DER formatted Security Certificate into PEM so Apache or Lighttpd can understand it.

Convert a certificate from DER to PEM

# openssl x509 –in input.crt –inform DER –out output.crt –outform PEM

Convert a certificate from PEM to DER

# openssl x509 –in input.crt –inform PEM –out output.crt –outform DER

Convert a key from DER to PEM

# openssl rsa –in input.key –inform DER –out output.key –outform PEM

Convert a key from PEM to DER

# openssl rsa –in input.key –inform PEM –out output.key –outform DER

If you’re using Lighttpd, concatenate the key and pem cert so they’re both in one file. If your key has a password (openssl probably forced you to supply a password when you created the request), then you need to strip the password from it first unless you don’t mind having to supply the password every time you start the web server. I know most people don’t stop/start their server very often, but what about in a power failure, or in a remote location?

# openssl rsa -in server.key.original -out server.key.nopass
Enter pass phrase for server.key.original:
writing RSA key